book

Penetration Testing and Network Defense

by Andrew Whitaker, Daniel P. Newman

October 2005

Intermediate to advanced

624 pages

15h 47m

English

Cisco Press

Read now

Unlock full access

Who Should Read this BookEthical ConsiderationsHow This Book Is Organized
Defining Penetration TestingAssessing the Need for Penetration TestingAttack StagesChoosing a Penetration Testing VendorPreparing for the TestSummary
Ethics of Penetration TestingLawsLoggingTo Fix or Not to FixSummary
Step-by-Step PlanOpen-Source Security Testing Methodology ManualDocumentationSummary
Human PsychologyWhat It Takes to Be a Social EngineerFirst Impressions and the Social EngineerTech Support ImpersonationThird-Party ImpersonationE-Mail ImpersonationEnd User ImpersonationCustomer ImpersonationReverse Social EngineeringProtecting Against Social EngineeringCase StudySummary
Passive Host ReconnaissanceActive Host ReconnaissancePort ScanningNMapDetecting a ScanCase StudySummary
Defining Session HijackingToolsBeware of ACK StormsKevin Mitnick’s Session Hijack AttackDetecting Session HijackingProtecting Against Session HijackingCase StudySummaryResources
Understanding Web LanguagesWebsite ArchitectureE-Commerce ArchitectureWeb Page SpoofingCookie GuessingBrute Force AttacksToolsDetecting Web AttacksProtecting Against Web AttacksCase StudySummary
Defining DatabasesTesting Database VulnerabilitiesSecuring Your SQL ServerDetecting Database AttacksProtecting Against Database AttacksCase StudySummaryReferences and Further Reading
Password HashingPassword-Cracking ToolsDetecting Password CrackingProtecting Against Password CrackingCase StudySummary
Bypassing FirewallsEvading Intruder Detection SystemsTesting Routers for VulnerabilitiesTesting Switches for VulnerabilitiesSecuring the NetworkCase StudySummary
History of Wireless NetworksAntennas and Access PointsWireless Security TechnologiesWar DrivingToolsDetecting Wireless AttacksCase StudySummary
Trojans, Viruses, and Backdoor ApplicationsCommon Viruses and WormsTrojans and BackdoorsDetecting Trojans and Backdoor ApplicationsPreventionCase StudySummary
General ScannersUNIX Permissions and Root AccessMicrosoft Security Models and ExploitsNovell Server Permissions and VulnerabilitiesDetecting Server AttacksPreventing Server AttacksCase StudySummary
Memory ArchitectureBuffer Overflow ExamplesPreventing Buffer OverflowsCase StudySummary
Types of DoS AttacksTools for Executing DoS AttacksDetecting DoS AttacksPreventing DoS AttacksCase StudySummary
Case Study: LCN Gets TestedDAWN Security
What Is a Security Policy?Risk AssessmentBasic Policy RequirementsSecurity Policy Implementation and ReviewPreparing a Security Policy in Ten Basic StepsReference Links
Performing Host Reconnaissance (Chapter 5)Understanding and Attempting Session Hijacking (Chapter 6)Performing Web-Server Attacks (Chapter 7)Performing Database Attacks (Chapter 8)Cracking Passwords (Chapter 9)Attacking the Network (Chapter 10)Scanning and Penetrating Wireless Networks (Chapter 11)Using Trojans and Backdoor Applications (Chapter 12)Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)Understanding and Attempting Buffer Overflows (Chapter 14)Denial-of-Service Attacks (Chapter 15)

Content preview from Penetration Testing and Network Defense

Introduction

The first “hackers” emerged from the Massachusetts Institute of Technology (MIT) in 1969. The term originally described members of a model train group who would “hack” the electric trains to increase the speed of their trains.

Today, the term has quite a different meaning. When people think of computer hackers, they think of computer experts who are adept at reverse engineering computer systems. They might think of malicious hackers who aspire to break into networks to destroy or steal data, or of ethical hackers who are hired to test the security of a network. Often, these ethical hackers, or penetration testers, mimic the same techniques as a malicious hacker.

The need for penetration testing is simple. The best way to stop a criminal ...